We’ve recently seen spear phishing emails which appear to come from someone you know, like a supervisor, asking you to set up a money transfer or other financial transaction. If this is something you might do as part of your job, the request may not appear overly suspicious.
Spear phishing differs from regular email scams in that it is personalized. Unlike the bulk “Dear user, validate your account” email, whoever sent this knows at least a little bit about you – in this case, where you work, what department you are in, and who your likely supervisor or department head is. Of course, this is all information that can be easily obtained by browsing the Williams web site.
Because the email seems to come from someone you know, you may be less vigilant and start the process of fulfilling their request. If it appears to be someone from your department asking for urgent action, you may be tempted to act before thinking. Fortunately, you can easily verify any request that comes in by picking up the phone or employing direct human contact.
DO NOT reply to the email – the recent examples we have seen appear to come from, say, [email protected], but the reply address is going to [email protected]. Please also forward these emails to [email protected] so OIT staff can evaluate the threat and act accordingly.
Keep in mind that this spear phishing method can easily be employed by someone who can browse your Facebook profile or do simple Google searches. Your family relationships, school affiliations, likes, hobbies, and possibly even your date of birth could all be public information. You may not be able to keep basic information about yourself off the web, but you can employ skepticism when you receive emails which seem out of character.
Please contact us if you have questions about spear phishing or scams in general.
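
For mail administrators, the From/Reply-To mismatch described above can be checked from the message headers. The following is an added example, not part of the original notice or OIT's tooling; the sample messages, names and `example.edu` / `example.net` addresses are constructed placeholders.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: From shows a colleague, Reply-To points elsewhere.
SPOOFED = """\
From: "Pat Supervisor" <psupervisor@example.edu>
Reply-To: "Pat Supervisor" <psupervisor.office@mailbox.example.net>
To: staff@example.edu
Subject: Urgent wire transfer

Are you at your desk? I need a transfer set up today.
"""

# Constructed sample: ordinary message with no Reply-To header.
LEGIT = """\
From: "Pat Supervisor" <psupervisor@example.edu>
To: staff@example.edu
Subject: Meeting notes

Notes attached.
"""


def addresses(msg, header):
    """Return the lower-cased addresses found in every copy of a header."""
    pairs = getaddresses(msg.get_all(header, []))
    return [addr.lower() for _, addr in pairs if "@" in addr]


def reply_to_mismatch(raw):
    """List Reply-To addresses that would send a reply away from the From address.

    Each finding is (reply_address, reason). An empty list means a reply
    goes back to the visible sender.
    """
    msg = message_from_string(raw)
    senders = addresses(msg, "From")
    sender_domains = {a.rsplit("@", 1)[1] for a in senders}
    findings = []
    for reply in addresses(msg, "Reply-To"):
        if reply in senders:
            continue  # reply goes to the same mailbox shown in From
        domain = reply.rsplit("@", 1)[1]
        reason = "different mailbox" if domain in sender_domains else "different domain"
        findings.append((reply, reason))
    return findings


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, reply_to_mismatch(raw))
```

A "different mailbox" result on the same domain is often legitimate (shared inboxes, mailing lists), so treat it as a lower-priority signal than "different domain".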